Yeah, I came across this just now; I was diagnosing the firewall and know the exact cause.
So when the DNS Client is enabled, all DNS requests are routed via it, meaning applications do not need specific UDP port 53 internet access.
If the DNS Client is disabled, any internet application that wants to do a DNS lookup will need outbound UDP port 53 traffic allowed.
Now there is some undocumented behaviour going on.
There are hidden WSH network hardened rules in the Windows firewall; these rules are "always" enabled, regardless of the default outbound state in the Windows firewall (allow rules also won't allow the traffic).
So the default Windows firewall configuration is to require allow rules for inbound traffic and allow all outbound traffic.
However, there are hidden rules that block certain traffic Microsoft decided to block, and it seems wermgr.exe, which is used by Metro apps, cannot send out DNS traffic; the hardened rules block it.
My gut guess is this is a bug that is yet to be fixed, because the vast majority of people (well over 99%) will have the DNS Client service enabled in its default state.
Interestingly, the hidden rules still kick in if you disable the firewall in the advanced UI. The only way to stop the rules is to actually disable the firewall service, which is obviously not recommended, meaning the sane choice is either to keep the DNS Client enabled, don't use modern apps, or use a third-party software firewall in place of the Windows firewall.
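
A way to check this behaviour on a given machine, as an added example that is not part of the original post: it shows the DNS Client service state, lists the shipped service-hardening rules, and reads back audited packet drops for the process and port the post names. Assumptions: an elevated PowerShell session, an English-language system (the audit subcategory name is localized), and the default parameter values, which are taken from the post.

```powershell
# Added diagnostic example, not part of the original post. Run elevated.
param(
    [string]$AppName = 'wermgr.exe',   # process named in the post
    [int]$Port = 53                    # DNS port named in the post
)

# 1. Is the DNS Client service (service name Dnscache) running?
Get-Service -Name Dnscache | Select-Object Name, Status, StartType

# 2. List the service-hardening rules shipped with Windows. They sit in the
#    read-only StaticServiceStore (the rules the post describes as hidden).
Get-NetFirewallRule -PolicyStore StaticServiceStore | ForEach-Object {
    $pf = $_ | Get-NetFirewallPortFilter
    $sf = $_ | Get-NetFirewallServiceFilter
    [pscustomobject]@{
        Rule       = $_.DisplayName
        Direction  = $_.Direction
        Action     = $_.Action
        Protocol   = $pf.Protocol
        RemotePort = $pf.RemotePort -join ','
        Service    = $sf.Service
    }
} | Where-Object { $_.Direction -eq 'Outbound' -and $_.Protocol -eq 'UDP' } |
    Format-Table -AutoSize

# 3. Turn on auditing of dropped packets (Security event ID 5152).
#    The subcategory name below is the English one (assumption: en-US system).
auditpol /set /subcategory:"Filtering Platform Packet Drop" /failure:enable | Out-Null

# 4. Reproduce the failing lookup, then read back drops for this app and port.
Read-Host "Reproduce the failed DNS lookup, then press Enter" | Out-Null
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5152 } -MaxEvents 1000 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $d = @{}
        foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        if ($d.Application -like "*\$AppName" -and $d.DestPort -eq "$Port") {
            [pscustomobject]@{
                Time = $_.TimeCreated; App = $d.Application; Dest = $d.DestAddress
                Port = $d.DestPort; FilterRTID = $d.FilterRTID; Layer = $d.LayerName
            }
        }
    } | Format-Table -AutoSize

# 5. Switch the extra auditing off again when finished.
auditpol /set /subcategory:"Filtering Platform Packet Drop" /failure:disable | Out-Null
```

The `FilterRTID` value in each drop event can be matched against the filter IDs in the XML file written by `netsh wfp show filters` to see which filter dropped the packet.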